Hi all,
Our zabbix instances are used in a hosting environment with multiple customers, where each customer has multiple actual users.
I've set up the zabbix environment in a way where the above works great permission wise, using hostgroups, usergroups and users (all linked to an external CMDB).
Now i would like to setup alert messaging in a way where i do not have to define hosts, customers or users, nor their relations / permissions in a redundant manner (e.g. define the above elements more than once).
So i setup a generic form of alerting where i create one user group called 'alerts', to which i send all trigger alert messages. This 'alerts' group has no hosts/nodes permissions defined and all users which are to receive alerts are in this group (plus their customer group which grants them permissions on their hosts).
My assumption was that when a alert is sent to 'all users' for a specific host, only the users with actual permission for that host would receive the message. It seems that this is not the case; all users in this 'alerts' usergroup receive the message regardless of whether they have permissions for this host or not.
Question 1; is this behavior by design or is this a bug?
aka, are permissions sent to users held against the same permission checks used by the web interface for that user, or is it only done by trigger action destination.
Question 2; If no permission checks are done for sending messages, would adding the permission checks be an acceptable suggestion for implementing this in zabbix?
Our zabbix instances are used in a hosting environment with multiple customers, where each customer has multiple actual users.
I've set up the zabbix environment in a way where the above works great permission wise, using hostgroups, usergroups and users (all linked to an external CMDB).
Now i would like to setup alert messaging in a way where i do not have to define hosts, customers or users, nor their relations / permissions in a redundant manner (e.g. define the above elements more than once).
So i setup a generic form of alerting where i create one user group called 'alerts', to which i send all trigger alert messages. This 'alerts' group has no hosts/nodes permissions defined and all users which are to receive alerts are in this group (plus their customer group which grants them permissions on their hosts).
My assumption was that when a alert is sent to 'all users' for a specific host, only the users with actual permission for that host would receive the message. It seems that this is not the case; all users in this 'alerts' usergroup receive the message regardless of whether they have permissions for this host or not.
Question 1; is this behavior by design or is this a bug?
aka, are permissions sent to users held against the same permission checks used by the web interface for that user, or is it only done by trigger action destination.
Question 2; If no permission checks are done for sending messages, would adding the permission checks be an acceptable suggestion for implementing this in zabbix?
Comment